The correct way to restrict access, based on Country, network range, IP address

OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.973
Virtualmin version: 6.16

I need to know the correct way to restrict any access to a Virtualmin server, since there is no iptables and I’m not sure what the best practice is.

I need to be able to restrict any access to the server:

  • for one or more countries,
  • one or more network ranges,
  • by IP.

Please provide examples for each case.

Thank you.

You need to be more specific.

Are you trying to block one or more countries, or only allow those countries?

Are you trying to block one or more IP addresses / ranges, or only allow those IP addresses / ranges?

What server software are you using?

What firewall software are you using?

How precise do you need the country identification to be? Are you willing to pay for more precision?

Do you understand that even paid country identification is unreliable?



The latter two are easily doable using the Webmin ⇾ Webmin Configuration: IP Access Control page.


This is what I was looking for, many thanks!
This interface also suggests a neat way to put more networks (like in the case of blocking countries/regions) - I can use hosts.deny and activate it in the Webmin Configuration: IP Access Control interface.
Great answer, thank you.

Just a clarification question - does the Webmin Configuration: IP Access Control interface use FirewallD, or does it rely on hosts.allow and hosts.deny?

Neither. Webmin uses its own implementation (on the miniserv side).

In that case, what is the best way in terms of performance?

It would be easier to use the Webmin implementation (IP Access Control page) to control access to miniserv. That said, using iptables will always be faster, as it’s a kernel module. However, this can be neglected in most cases.

The hosts.allow and hosts.deny syntax allows for using a process name. If the option mentioned above (in the picture) is used, what should be the value of the process name?

I’m just asking out of curiosity, please ignore my question if it will take a significant time/effort to find out.
